Your message dated Tue, 29 Apr 2025 19:04:35 +0000
with message-id <[email protected]>
and subject line Bug#1100806: fixed in containerd 1.7.24~ds1-6
has caused the Debian Bug report #1100806,
regarding containerd: CVE-2024-40635
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1100806: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100806
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: containerd
Version: 1.7.24~ds1-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for containerd.
CVE-2024-40635[0]:
| containerd is an open-source container runtime. A bug was found in
| containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where
| containers launched with a User set as a `UID:GID` larger than the
| maximum 32-bit signed integer can cause an overflow condition where
| the container ultimately runs as root (UID 0). This could cause
| unexpected behavior for environments that require containers to run
| as a non-root user. This bug has been fixed in containerd 1.6.38,
| 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images
| are used and that only trusted users have permissions to import
| images.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-40635
https://www.cve.org/CVERecord?id=CVE-2024-40635
[1] https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
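As an added illustration of the bug class quoted in the report above (this is constructed example code, not containerd's code and not the code path the advisory patched): a `UID:GID` string is parsed into a wide integer and then narrowed to a 32-bit field with a plain conversion, so an out-of-range value wraps silently, and 4294967296 becomes 0, i.e. root. Beside it sits the hardened form, which parses with a 32-bit size limit so that anything outside 0..4294967295 (including a leading minus sign) is rejected with an error, and which can additionally refuse UID 0 for environments that require non-root containers. The narrowing shown here wraps at 2^32; the advisory's threshold is the signed 32-bit maximum, and the exact containerd internals are not reproduced. The names `Creds`, `parseUserUnsafe`, `parseUserSafe`, `parseID`, `ErrIDOutOfRange` and `ErrRootNotAllowed` are hypothetical, and user-name lookup against the image's `/etc/passwd` is out of scope.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Creds is the numeric identity a container process would be started with.
// GIDSet is false when the spec gave only a UID (a real runtime would then
// consult the image's /etc/passwd; name lookups are out of scope here).
type Creds struct {
	UID    uint32
	GID    uint32
	GIDSet bool
}

var (
	ErrIDOutOfRange   = errors.New("uid/gid must be a decimal integer in 0..4294967295")
	ErrRootNotAllowed = errors.New("container must not run as UID 0")
)

// parseUserUnsafe shows the bug class (constructed illustration, not
// containerd's code): the text is parsed into a 64-bit integer and then
// narrowed to uint32 with a plain conversion, so any value that does not fit
// wraps silently. 4294967296 becomes 0 (root) and -1 becomes 4294967295,
// and no error is raised in either case.
func parseUserUnsafe(user string) (Creds, error) {
	parts := strings.SplitN(user, ":", 2)
	uid, err := strconv.ParseInt(parts[0], 10, 64)
	if err != nil {
		return Creds{}, err
	}
	c := Creds{UID: uint32(uid)} // narrowing conversion: no range check
	if len(parts) == 2 {
		gid, err := strconv.ParseInt(parts[1], 10, 64)
		if err != nil {
			return Creds{}, err
		}
		c.GID, c.GIDSet = uint32(gid), true // same narrowing for the GID
	}
	return c, nil
}

// parseID is the hardened form: bitSize 32 makes ParseUint return a range
// error for anything above 4294967295, and the unsigned syntax rejects a
// leading '-', so no wrap can happen before the value reaches uint32.
func parseID(s string) (uint32, error) {
	v, err := strconv.ParseUint(s, 10, 32)
	if err != nil {
		return 0, fmt.Errorf("%w: %q", ErrIDOutOfRange, s)
	}
	return uint32(v), nil
}

// parseUserSafe parses "UID" or "UID:GID", rejecting out-of-range values.
// When requireNonRoot is set, UID 0 is refused as well: the policy that
// "containers must run as a non-root user" is enforced here, at admission,
// rather than trusted to whatever the image config says.
func parseUserSafe(user string, requireNonRoot bool) (Creds, error) {
	parts := strings.SplitN(user, ":", 2)
	uid, err := parseID(parts[0])
	if err != nil {
		return Creds{}, err
	}
	c := Creds{UID: uid}
	if len(parts) == 2 {
		gid, err := parseID(parts[1])
		if err != nil {
			return Creds{}, err
		}
		c.GID, c.GIDSet = gid, true
	}
	if requireNonRoot && c.UID == 0 {
		return Creds{}, ErrRootNotAllowed
	}
	return c, nil
}

func main() {
	// Constructed sample specs: a normal user, a value just above the signed
	// 32-bit maximum, a value just above the unsigned maximum, a negative, and root.
	for _, spec := range []string{"1000:1000", "2147483648:2147483648", "4294967296:4294967296", "-1:0", "0:0"} {
		u, uerr := parseUserUnsafe(spec)
		s, serr := parseUserSafe(spec, true)
		fmt.Printf("%-24s unsafe=%+v (%v)  safe=%+v (%v)\n", spec, u, uerr, s, serr)
	}
}
```

Running it prints one line per sample spec; the unsafe column shows `4294967296:4294967296` resolving to UID 0 with no error, while the safe column reports a range error for that spec and for `-1:0`, and refuses `0:0` under the non-root policy. Values between 2147483648 and 4294967295 are legitimate unsigned 32-bit IDs and are accepted by the hardened parser.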
--- Begin Message ---
Source: containerd
Source-Version: 1.7.24~ds1-6
Done: Andreas Henriksson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
containerd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Henriksson <[email protected]> (supplier of updated containerd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 29 Apr 2025 20:55:02 +0200
Source: containerd
Architecture: source
Version: 1.7.24~ds1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Andreas Henriksson <[email protected]>
Closes: 1100806
Changes:
containerd (1.7.24~ds1-6) unstable; urgency=medium
.
* Team upload.
* CVE-2024-40635: large UID:GID (>32bit) can overflow, runs as root
(Closes: #1100806)
Checksums-Sha1:
90e1bba90367b8cd96aa8afef092fa71660ba39d 5011 containerd_1.7.24~ds1-6.dsc
bf7a9e9751bae4fc25c434dc9ff2e12672ac1b95 35184 containerd_1.7.24~ds1-6.debian.tar.xz
ba9c047a4c9eb7763ac613ddd5c57cba4a9e39e5 17515 containerd_1.7.24~ds1-6_arm64.buildinfo
Checksums-Sha256:
4810a88901dd8b2601b6ef1ea36fe628efe757bca255fc28a1cf0db2f1f72be1 5011 containerd_1.7.24~ds1-6.dsc
7a6c27864133963f81dbf05248bfa81a537ec242efb4000e6937bfb556d015f0 35184 containerd_1.7.24~ds1-6.debian.tar.xz
f62a6acb1e354dd50eec0f93e817e4b03a0429eab791102eecb902892fc547d1 17515 containerd_1.7.24~ds1-6_arm64.buildinfo
Files:
451cdf3ba9f8efb51239b6af78cae0db 5011 admin optional containerd_1.7.24~ds1-6.dsc
85ebe84cc0b5462f9f617811c7db4ce5 35184 admin optional containerd_1.7.24~ds1-6.debian.tar.xz
6b4b3fb38c08504ba8c232cfde6e2f74 17515 admin optional containerd_1.7.24~ds1-6_arm64.buildinfo
-----BEGIN PGP SIGNATURE-----
=uhmU
-----END PGP SIGNATURE-----
--- End Message ---